• Stars
    star
    144
  • Rank 255,590 (Top 6 %)
  • Language
    C#
  • License
    GNU General Publi...
  • Created over 4 years ago
  • Updated over 4 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Hide cool stuff in images :)

Blogpost: https://redteamer.tips/introducing-gg-aesy-a-stegocryptor/

WARNING: you might need to restore NuGet packages and restart visual studio before compiling. If anyone knows how I can get rid of this problem, DM me.

Manual

To start off, I highly recommend to always use GG-AESY using verbose mode or very verbose mode, if you are not using this in unmanaged loaders, I also recommend always specifying an outfile.

pay attention with very verbose mode though, especially if you are hiding big payloads. as very verbose mode will print the byte array to console.

having said that, let's dive into the manual for this baby.

  _______   _______                    ___       _______     _______.____    ____
 /  _____| /  _____|                  /   \     |   ____|   /       |\   \  /   /
|  |  __  |  |  __      ______       /  ^  \    |  |__     |   (----` \   \/   /
|  | |_ | |  | |_ |    |______|     /  /_\  \   |   __|     \   \      \_    _/
|  |__| | |  |__| |                /  _____  \  |  |____.----)   |       |  |
 \______|  \______|               /__/     \__\ |_______|_______/        |__|


        V1.0.0 by twitter.com/Jean_Maes_1994

        Encryptor and (optional) stegano

 Usage:
  -h, -?, --help             Show Help


  -e, --encrypt-only         Only encrypts given payload

  -d, --decrypt              decryption mode

      --ps, --payload-size=VALUE
                             only needed if extracting payload from image for
                               decryption

      --ef, --encrypted-file=VALUE
                             ENCRYPTION: The outfile for encrypted data

                               DECRYPTION:The inputfile needed to decrypt the
                               payload.




  -p, --payload=VALUE        The path to the payload you want to encrypt

  -o, --outfile=VALUE        The path to the outfile where all important data
                               will be written to (key,iv and encrypted
                               payload)

  -i, --image=VALUE          The image file to hide the key and/or IV in,
                               currently only supports JPEG (JPG) format!

      --ok, --offset-key=VALUE
                             The offset to search for the key in image (in
                               decimal)

      --okh, --offset-key-hex=VALUE
                             The offset to search for the key in image (in
                               hex)

      --oIV, --offset-IV=VALUE
                             The offset to search for the IV in image (in
                               decimal)

      --oIVh, --offset-IV-hex=VALUE
                             The offset to search for the IV in image (in
                               hex)

      --op, --offset-payload=VALUE
                             The offset to search for the payload in image
                               (in decimal)

      --oph, --offset-payload-hex=VALUE
                             The offset to search for the payload in image
                               (in hex)

  -v, --verbose              write all the good stuff to console,recommended
                               you actually always use this.

      --vv, --very-verbose   prints encrypted payload array to console
  -k, --key=VALUE            in case you want to use your own key value!

      --IV, --initialization-vector=VALUE
                             in case you want to use your own IV

      --rk, --random-key-mode
                             will hide your key in a random insertion point
                               in the provided image, without breaking said
                               image. will print the offset to console

      --ra, --random-all-mode
                             will hide both Key and IV in a random insertion
                               point of the image.

      --ak, --append-key-mode
                             will hide the key at the end of the image file

      --aa, --append-all-mode
                             will hide the key and the IV at the end of the
                               image file.

      --ap, --append-payload-mode
                             will hide the payload at the end of the image
                               file

      --rp, --random-payload-mode
                             will hide the payload at a random insertion
                               point.

      --apu, --append-payload-unencrypted
                             appends your payload without crypto, useful for
                               very quick and dirty data exfil.

-e or --encrypt-only: Will only encrypt a given payload (-p) will write key/iv to console if using verbose mode, will write key/iv/payload into an outfile if using the outfile (-o) flag, and finally will write the bytestream to another file if using the encrypted file (-ef) flag.

-d or --decrypt: Decryption mode, you can specify the decryption parameters using offsets (in case you have hidden key or key and IV in a JPEG). Offsets are passed to the program using either the offset-key (-ok) or offset-key-hex (-okh) flags, you can use "-" as separators or just paste in the hex without any separators, both will work fine. IV's work the same way using -oIV and -oIVh flags.

Alternatively, you can give the IV and Key directly (in case they are not hidden in a JPEG), using the key (-k) and initialization-vectors (-IV) flags. As with the offset flags, "-" can be used as a separator, GG-AESY accepts both ASCII and byte values.

In order to decrypt, you'll also need to specify an encrypted file (-ef).
Should you have hidden a payload in a JPEG and wish to decrypt it, you'll have to specify the payload size (-ps) so GG-AESY will extract all data correctly without false positives/false negatives :) .

-u or --unpack: Will unpack unencrypted appended payloads (=apu mode) from the JPEG.

Stego modes:

If no key/iv is provided, random key/iv's will be used to encrypt your data. All stego modes will require you to pass GG-AESY a JPEG image (-i). If you have specified an outfile (-o) to save your important information about the crypto ( such as key, iv, payload), all stego modes will also add the injection places in this file.

-rk or --random-key-mode: This Stego mode will hide your AES-256 key at a random injection point.

-ra or --random-all-mode: This Stego mode will hide both your AES-256 key and IV at a random injection point, both injection points can be the same (it's a random selection process), in this case, the key and IV will be injected back to back.

-ak or --append-key-mode: This Stego mode will append the AES-256 key at the end of the JPEG.

-aa or --append-all-mode: This Stego mode will append both AES-256 key and IV at the end of the JPEG.

-ap or --append-payload-mode: This Stego mode will append the encrypted payload bytestream to the end of the JPEG.

-rp or --random-payload-mode: This Stego mode will inject the encrypted payload bytestream at a random injection point. CAUTION: This only works if your payload does not exceed 65,535 bytes, which is about 65kb, if you try a larger payload, an error will be thrown in your face. Needless to say, this mode is practically useless :)

-apu or --append-payload-unencrypted: This Stego mode will append the payload bytestream as-is to the end of the JPEG.

DISCLAIMER: This tool is in EARLY BETA. It's not been battle tested yet, so please submit improvements through PR's or raise issues in case of bugs. However, due to my current workload, active development on this tool from my end will not be possible at this time.
This does not mean I'm abandoning this project though :)

More Repositories

1

LazySign

Create fake certs for binaries using windows binaries and the power of bat files
PowerShell
543
star
2

SharpZipRunner

Executes position independent shellcode from an encrypted zip
C#
300
star
3

Invoke-DLLClone

Koppeling x Metatwin x LazySign
PowerShell
201
star
4

SharpHandler

C#
181
star
5

AmsiHooker

Hookers are cooler than patches.
C#
167
star
6

TrustJack

Yet another PoC for https://www.wietzebeukema.nl/blog/hijacking-dlls-in-windows
C#
142
star
7

SharpNukeEventLog

nuke that event log using some epic dinvoke fu
C#
114
star
8

SharpLNKGen-UI

UI for creating LNKs
C#
96
star
9

SharpRDPDump

Create a minidump of TermService for clear text pw extraction
C#
87
star
10

Backdoorplz

adding a backdooruser using win32api
C++
79
star
11

Red-EC2

Spin up RedTeam infrastructure on AWS via Ansible
59
star
12

DeepSleep

all credits go to @mgeeky
C
58
star
13

CSharpReflectionWorkshop

The repository that complements the From zero to hero: creating a reflective loader in C# workshop
C#
37
star
14

Clippi-B

C#
34
star
15

FunWithServerless

Python
23
star
16

Emulation-Workshop

The repository accompanying the Buer Emulation workshop
C#
23
star
17

Ansible-EmpireSuite

ansible roles to download and install empire (BC-Security),deathstar(byt3bl33der) and starkiller (BC-Security)
23
star
18

CMDLL

the most basic DLL ever to pop a cmd.
C++
22
star
19

Red-Route53-Interactive

17
star
20

talks-cons

aggregated repo for all conferences and talks I am giving
C#
17
star
21

Ansible-Cobalt-Strike

An Ansible role to install cobalt-strike
16
star
22

SharpXOR

XOR crypt/decrypt using C#
C#
12
star
23

blogposts-talks-and-tidbits

all random stuff that dont warrant a seperate repo
C
12
star
24

Parsers

parsers to make life easier
Python
12
star
25

DRegHide

fun stuff with null bytes and dinvoke
C#
8
star
26

sharpbysentinel

lol firewall
C#
7
star
27

impacket-nomulti-adcs-shadowcreds

in case clients are annoying with enforcing signing :)
Python
7
star
28

SEC565-Tools

PowerShell
5
star
29

NerveGas

messing around with ETW in C#
C#
4
star
30

x33fcon-workshop

PowerShell
3
star
31

RegFetch

Interfaces with winsockets to fetch a txt file, parses the file and changes the registry accordingly
C++
2
star
32

BeFree

get rid of pesky registry restrictions.
PowerShell
2
star
33

Get-ServiceACL

courtesey of a gist I found on github
PowerShell
1
star